EIGRP Lab 2 IPv4 Advanced Configuration
Previous-Lab Next-Lab
Download Lab: GNS3
Prerequisites:
Cisco IOSv (vios-adventerprisek9-m.vmdk.SPA.156-2.T)
Objectives:
In this lab, you will be configuring advanced features of eigrp. You will summarize small subnets into the larger network, implement authentication between peers, reduce unnecessary queries, enable equal and unequal path load balancing, establish eigrp neighbor relation manually, reduce consumption of the bandwidth by eigrp on the low capacity links, improve convergence with the hello and hold timers and offset list, propagate default static route, prevent routes from getting installed into the routing table.
Topology:
In this gns3project routers already have configured with basic eigrp parameters.
Procedures:
Task1: EIGRP Summarization:
Step1: On HQ-R1 verify that RIB has individual subnets of the remote sites.
HQ-R1# show ip route eigrp
Step2: Configure summary address on BR1's interfaces facing DR1 and DR2.
BR1(config)#interface g0/0
BR1(config-if)#ip summary-address eigrp 15 172.17.0.0 255.255.252.0
BR1(config)#interface g0/1
BR1(config-if)#ip summary-address eigrp 15 172.17.0.0 255.255.252.0
Step3: Verify that HQ-R1 now receiving summary route of BR1.
HQ-R1# show ip route eigrp
HQ-R1# show ip route 172.17.0.0 255.255.252.0
HQ-R1#show ip route 172.17.0.0 255.255.0.0 longer-prefixes
Step4: If you are unable to find the summary route in step3 then you can troubleshoot with this command, it shows for which summary network it enabled in slash notation and interfaces configured on.
BR1# show ip protocols
Step5: Configure the same way summarization on BR2, BR3, and HQ-R1.
Step6: Summary-metric could be applied towards the summary route if you need for some reason increase the metric of the summary route, it can be done in eigrp router configuration mode. The currently reported distance of 172.17.0.0/22 is 2816 after you apply new changes it will be much larger.
BR1(config)# router eigrp 15
BR1(config-router)#summary-metric 172.17.0.0/22 100000 10 255 1 1500
Step7: Verify the new metric for the summary route:
BR1# show ip protocol
BR1#show ip eigrp topology 172.17.0.0/22
Step8: Use step 6 as an example to adjust summary-metric for BR2 and BR3.
Step9: Save configurations on the all affected routers.
Task2: EIGRP Authentication.
Step1: Create key chain EIGRP in global configuration mode.
Core1(config)#key chain EIGRP
Core1(config-keychain)#key 1
Core1(config-keychain-key)#key-string gns3
Step2: Identify eigrp enabled interfaces.
Core1# show ip eigrp interfaces
Step3: Enter the interface range command for all eigrp enabled interfaces and configure authentication.
Core1(config)#interface range g0/0-6
Core1(config-if-range)#ip authentication mode eigrp 15 md5
Core1(config-if-range)#ip authentication key-chain eigrp 15 EIGRP
Step4: Repeat Step1 through 3 on all routers in the topology.
Step5: Verify that authentication is properly enabled on the interfaces.
Core1# show ip eigrp interface detail g0/0
Step6: Verify key chain for the proper parameters, key name, key number, and key string.
Core1# show key chain
Step7: Save configurations on the all affected routers.
Task3: EIGRP Stub.
Step1: On the BR1 router enable debug command for eigrp packet query, you need this to observe what happens when one of BR1's neighbor's network goes down.
BR1# debug eigrp packet query
Step2: On the DR1 shutdown interface g0/0 towards DR2.
DR1(config)# interface g0/0
DR1(config-if)# shutdown
Step3: Go back to BR1 and review the line in the output of debug command.
Example:
*Jul 1 23:38:58.180: EIGRP: received packet with MD5 authentication, key id = 1
*Jul 1 23:38:58.342: EIGRP: received packet with MD5 authentication, key id = 1
*Jul 1 23:38:58.343: EIGRP: Received QUERY on Gi0/0 - paklen 85 nbr 10.0.5.5
*Jul 1 23:38:58.343: AS 15, Flags 0x0:(NULL), Seq 440/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0
Step4: On the DR1 bring the g0/0 interface back up.
DR1(config)# interface g0/0
DR1(config-if)# no shutdown
Step5: Enable eigrp stub feature in the router configuration mode.
BR1(config)# router eigrp 15
BR1(config-router)# eigrp stub
Step6: Locally you can verify stub configuration with the command below, it shows you that eigrp stub is enabled on the router and types of routes the router will advertise to its neighbor.
BR1# show ip protocols
--Output partially displayed--
EIGRP-IPv4 Protocol for AS(15)
Metric weight K1=1, K2=0, K3=1, K4=0, K5=0
Soft SIA disabled
NSF-aware route hold timer is 240
Router-ID: 0.0.17.1
Stub, connected, summary
Topology : 0 (base)
Step7: On the neighboring router you can verify stub option by using this command.
DR1# show ip eigrp neighbor detail
--Output partially displayed--
3 10.0.5.6 Gi0/3 12 00:25:57 211 1266 0 14
Version 20.0/2.0, Retrans: 1, Retries: 0, Prefixes: 2
Topology-ids from peer - 0
Topologies advertised to peer: base
Stub Peer Advertising (CONNECTED SUMMARY ) Routes
Suppressing queries
As you can see in the output, the DR1 will never send out query messages to BR1 when it or its upstream neighbors lost connection to the networks they attached to.
Step8: Make sure that debug command on BR1 is still enabled, then go to DR1's g0/0 interface configuration and simulate failure by shutting the interface down.
DR1(config)# interface g0/0
DR1(config-if)# shutdown
Step9: On the BR1 observe the absence of the query messages, it indicates that feature is working properly.
BR1# debug eigrp packet query
Step10: Repeat steps above for BR2 and BR3 routers.
Step11: By default eigrp stub feature only include in its advertisements connected and summary routes. But what if you need to propagate external route learned by different means. In this case, you could have a static route pointing to the external network and redistributed into the eigrp domain but current stub configuration will not permit it to happen. Let's test this theory out.
BR1(config)#ip route 1.1.1.1 255.255.255.255 null 0
BR1(config-router)#redistribute static
Step12: Verify that configurations in the step above took place.
BR1# show ip route static
--Output partially displayed--
1.0.0.0/32 is subnetted, 1 subnets
S 1.1.1.1 is directly connected, Null0
BR1# show ip eigrp topology
--Output partially displayed--
P 1.1.1.1/32, 1 successors, FD is 256
via Rstatic (256/0)
Step13: You can see that in the step above the router has the static route redistributed into its eigrp topology table but you will not be able to find this network anywhere else in topology. Let's check it out.
HQ-R1# show ip route eigrp
Step14: To fix this problem you need reconfigure eigrp stub with static parameter and do not forget to include connected and summary.
BR1(config)# router eigrp 15
BR1(config-router)# eigrp stub connected summary static
Step15: Go back to HQ-R1 and verify the propagation of 1.1.1.1/32 route.
HQ-R1# show ip route eigrp
--Output partially displayed--
1.0.0.0/32 is subnetted, 1 subnets
D EX 1.1.1.1 [170/3584] via 10.0.3.9, 00:00:13, GigabitEthernet0/1
[170/3584] via 10.0.3.5, 00:00:13, GigabitEthernet0/0
Step16: On the BR2 you will configure eigrp stub with redistributed parameter. First, you will create a loopback interface.
BR2(config)# interface loopback120
BR2(config-if)# ip address 2.2.2.2 255.255.255.255
Step17: Then enable RIPv2 for 2.2.2.2/32 subnet.
BR2(config)# router rip
BR2(config-router)# version 2
BR2(config-router)# network 2.0.0.0
Step18: Redistribute RIPv2 into EIGRP 15 domain.
BR2(config)# router eigrp 15
BR2(config-router)# redistribute rip metric 10000 10 255 1 1500
Step19: Verify that redistribution took place.
BR2# show ip eigrp topology 2.2.2.2/32
EIGRP-IPv4 Topology Entry for AS(15)/ID(0.0.18.2) for 2.2.2.2/32
State is Passive, Query origin flag is 1, 1 Successor(s), FD is 258560
Descriptor Blocks:
0.0.0.0, from Redistributed, Send flag is 0x0
Composite metric is (258560/0), route is External
Vector metric:
Minimum bandwidth is 10000 Kbit
Total delay is 100 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 0
Originating router is 0.0.18.2
External data:
AS number of route is 0
External protocol is RIP, external metric is 0
Administrator tag is 0 (0x00000000)
Step20: On the HQ-R1 check for the absence of the 2.2.2.2/32, as you can see BR2 does not advertise RIPv2 redistributed route.
HQ-R1# show ip route eigrp
Step21: On the BR2 enable eigrp stub with redistributed parameter.
BR2(config)# router eigrp 15
BR2(config-router)# eigrp stub connected summary redistributed
Step22: Go back to HQ-R1 and verify that it has the 2.2.2.2/32 route in its routing table.
HQ-R1# show ip route eigrp
--Output partially displayed--
2.0.0.0/32 is subnetted, 1 subnets
D EX 2.2.2.2 [170/259584] via 10.0.3.9, 00:00:57, GigabitEthernet0/1
[170/259584] via 10.0.3.5, 00:00:57, GigabitEthernet0/0
Step23: On the BR3 remove configurations you have done in eigrp summarization task.
BR3(config)# router eigrp 15
BR3(config-router)# no summary-metric 172.19.0.0/22 100000 10 255 1 1500
BR3(config-router)# exit
BR3(config)# interface g0/0
BR3(config-if)# no ip summary-address eigrp 15 172.19.0.0 255.255.252.0
BR3(config)# interface g0/1
BR3(config-if)# no ip summary-address eigrp 15 172.19.0.0 255.255.252.0
Step24: On the HQ-R1 verify that it receives individual /24 subnets from BR3.
HQ-R1# show ip route eigrp
--Output partially displayed--
172.19.0.0/24 is subnetted, 4 subnets
D 172.19.0.0 [90/3840] via 10.0.3.9, 00:00:24, GigabitEthernet0/1
[90/3840] via 10.0.3.5, 00:00:24, GigabitEthernet0/0
D 172.19.1.0 [90/131584] via 10.0.3.9, 00:00:24, GigabitEthernet0/1
[90/131584] via 10.0.3.5, 00:00:24, GigabitEthernet0/0
D 172.19.2.0 [90/131584] via 10.0.3.9, 00:00:24, GigabitEthernet0/1
[90/131584] via 10.0.3.5, 00:00:24, GigabitEthernet0/0
D 172.19.3.0 [90/131584] via 10.0.3.9, 00:00:24, GigabitEthernet0/1
[90/131584] via 10.0.3.5, 00:00:24, GigabitEthernet0/
Step25: Due to low bandwidth on the links to the remote site in Philadelphia, the policy states that BR3 should not advertise any routes to the core network. Configure receive-only eigrp stub in router configuration mode.
BR3(config)#router eigrp 15
BR3(config-router)#eigrp stub receive-only
Step26: Verify that DR1 and DR2 are neighbors with BR3 as a receive-only peer and they do not receive routes from it.
DR1#show ip eigrp neighbors detail
--Output partially displayed--
EIGRP-IPv4 Neighbors for AS(15)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
5 10.0.5.14 Gi0/5 14 00:22:42 6 100 0 70
Version 20.0/2.0, Retrans: 0, Retries: 0
Topology-ids from peer - 0
Topologies advertised to peer: base
Receive-Only Peer Advertising (No) Routes
Suppressing queries
Step27: FromBR3-PC1 ping HQ-PC1, as you can see its timing out because there is no path back to the subnet in which BR3-PC1 resides since BR3 router does not advertise its local subnets to the core eigrp domain.
VPCS> ping 172.16.0.100
172.16.0.100 icmp_seq=1 timeout
172.16.0.100 icmp_seq=2 timeout
172.16.0.100 icmp_seq=3 timeout
Step28: On the DR1 and DR2 routers create summary static routes for BR3's subnets pointing to appropriate next-hop address.
DR1(config)# ip route 172.19.0.0 255.255.252.0 10.0.5.14
DR2(config)# ip route 172.19.0.0 255.255.252.0 10.0.6.10
Step29: On both DR1 and DR2 redistribute these routes into eigrp using route-map and prefix-list.
DR1(config)# ip prefix-list BR3_SUMMARY permit 172.19.0.0/22
DR1(config)# route-map RDR_STATIC permit 10
DR1(config-route-map)# match ip address prefix-list BR3_SUMMARY
DR1(config-route-map)# set metric 500000 1 255 1 1500
DR1(config-route-map)# exit
DR1(config)# router eigrp 15
DR1(config-router)# redistribute static route-map RDR_STATIC
Configure DR2 the same way.
I choose the route-map and prefix-list method of redistribution instead of just regular static redistribution because there could be other static routes which should not appear in eigrp domain, having granular approach over which routes you select to advertise is always the best-case scenario.
Step30: Verify that BR3-PC1 now is able to ping HQ-PC1.
VPCS> ping 172.16.0.100
172.16.0.100 icmp_seq=1 timeout
172.16.0.100 icmp_seq=2 timeout
84 bytes from 172.16.0.100 icmp_seq=3 ttl=59 time=5.434 ms
84 bytes from 172.16.0.100 icmp_seq=4 ttl=59 time=6.209 ms
84 bytes from 172.16.0.100 icmp_seq=5 ttl=59 time=7.680 ms
Step31: Save configurations on the all affected routers.
Task4: EIGRP Routing protocol load balancing.
Step1: Configuring equal paths load balancing, by default eigrp already use load balance automatically if multiple paths to the destination with equal cost exist but in this lab, you will reverse this behavior and then enable it later.
HQ-R1(config)# router eigrp 15
HQ-R1(config-router)# maximum-paths 1
Step2: Verify HQ-R1's eigrp neighbors.
HQ-R1# show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(15)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 10.0.3.5 Gi0/0 10 00:23:39 7 100 0 438
1 10.0.3.9 Gi0/1 10 00:25:22 9 100 0 418
Step3: Verify the routing table to see which path packets will take to reach BR1's 172.17.0.0/22 network.
HQ-R1# show ip route eigrp
--Output partially displayed--
172.17.0.0/22 is subnetted, 1 subnets
D 172.17.0.0 [90/29184] via 10.0.3.5, 00:00:05, GigabitEthernet0/0
Step4: Reset eigrp neighborship on whichever router HQ-R1 uses as the current path to the BR1's network. For example, in my case, it will be HQ-DR1.
HQ-DR1#clear ip eigrp neighbors 10.0.3.6
HQ-DR1#
*Jul 2 18:51:48.506: %DUAL-5-NBRCHANGE: EIGRP-IPv4 15: Neighbor 10.0.3.6 (GigabitEthernet0/3) is down: manually cleared
HQ-DR1#
*Jul 2 18:51:51.802: %DUAL-5-NBRCHANGE: EIGRP-IPv4 15: Neighbor 10.0.3.6 (GigabitEthernet0/3) is up: new adjacency
Step5: Back on the HQ-R1 verify again which path it takes now to reach 172.17.0.0/22 network.
HQ-R1# show ip route eigrp
--Output partially displayed--
172.17.0.0/22 is subnetted, 1 subnets
D 172.17.0.0 [90/29184] via 10.0.3.9, 00:03:53, GigabitEthernet0/1
Step6: As you can see in step 5 that next-hop address has been changed to the HQ-DR2's, also you can verify operation of equal pathing with the command below and you can see that it only uses one path for traffic forwarding no matter how many physical paths to the destination exist.
HQ-R1# show ip protocols
--Output partially displayed--
Metric weight K1=1, K2=0, K3=1, K4=0, K5=0
Soft SIA disabled
NSF-aware route hold timer is 240
Router-ID: 0.0.3.11
Topology : 0 (base)
Active Timer: 3 min
Distance: internal 90 external 170
Maximum path: 1
Maximum hopcount 100
Maximum metric variance 1
Automatic Summarization: disabled
Address Summarization:
172.16.0.0/22 for Gi0/0, Gi0/1
Summarizing 4 components with metric 2816
Step7: Research online the documentation to find out the logic behind why eigrp choose one path over another when neighborship between routers resets, you also should understand what attribute contributes to the decision-making process.
Step8: Return the load balancing to the default state.
HQ-R1(config)# router eigrp 15
HQ-R1(config-router)# no maximum-path
Step9: Verify load balancing proper operation.
HQ-R1# show ip protocols
HQ-R1# show ip route eigrp
Step10: You also can verify that there are multiple paths to the remote destination with traceroute.
HQ-R1# traceroute 172.17.0.100
Type escape sequence to abort.
Tracing the route to 172.17.0.100
VRF info: (vrf in name/id, vrf out name/id)
1 10.0.3.9 3 msec (packets go via HQ-DR2)
10.0.3.5 3 msec (packets go via HQ-DR1)
10.0.3.9 4 msec
2 10.0.1.17 3 msec
10.0.2.21 4 msec
10.0.1.17 4 msec
3 10.0.2.14 5 msec
10.0.1.10 5 msec
10.0.2.14 6 msec
4 10.0.5.6 6 msec
10.0.6.2 5 msec
10.0.5.6 6 msec
5 172.17.0.100 6 msec 5 msec 6 msec
Step11: On DR2's g0/3 interface set the bandwidth to 600000 kbit/sec.
DR2(config)# interface g0/3
DR2(config-if)# bandwidth 600000
Step12: On BR1's g0/1 interface set the bandwidth to 600000 kbit/sec.
BR2(config)# interface g0/1
BR2(config-if)# bandwidth 600000
Step13: Verify that new change to the interface g0/1 has been applied.
BR1# show interfaces g0/1
--Output partially displayed--
GigabitEthernet0/1 is up, line protocol is up
Hardware is iGbE, address is 0c61.629f.da01 (bia 0c61.629f.da01)
Description: Link to DR2 int g0/3
Internet address is 10.0.6.2/30
MTU 1500 bytes, BW 600000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Step14: Verify the routing table on the BR1, now it suppose to have only one path to the networks which previously were available through multiple paths but the networks 2.2.2.2/32, 172.18.0.0/22 and 172.19.0.0/22 still have not been changed to a single path. The only affected network is 172.16.0.0/22.
BR1# show ip route eigrp
--Output partially displayed--
2.0.0.0/32 is subnetted, 1 subnets
D EX 2.2.2.2 [170/259072] via 10.0.6.1, 00:03:19, GigabitEthernet0/1
[170/259072] via 10.0.5.5, 00:03:19, GigabitEthernet0/0
172.16.0.0/22 is subnetted, 1 subnets
D 172.16.0.0 [90/3840] via 10.0.5.5, 00:00:22, GigabitEthernet0/0
172.18.0.0/22 is subnetted, 1 subnets
D 172.18.0.0 [90/28672] via 10.0.6.1, 00:03:19, GigabitEthernet0/1
[90/28672] via 10.0.5.5, 00:03:19, GigabitEthernet0/0
172.19.0.0/22 is subnetted, 1 subnets
D EX 172.19.0.0 [170/5632] via 10.0.6.1, 00:03:25, GigabitEthernet0/1
[170/5632] via 10.0.5.5, 00:03:25, GigabitEthernet0/0
Step15: To understand why some networks still appear in the routing table via multiple paths you need to know how eigrp metric works. On any given path to the destination, eigrp looks for the interface with minimum bandwidth configured then it uses that information to construct the metric. In this topology, all links are 1 Gbps except that one you just configured, the link between BR1 and DR2 which is 0.6 Gbps. So why those networks are still in the routing table via multiple paths, when its look like all traffic should be going through DR1 only. Further investigation is required.
BR1#show ip eigrp topology 2.2.2.2/32
EIGRP-IPv4 Topology Entry for AS(15)/ID(0.0.17.1) for 2.2.2.2/32
State is Passive, Query origin flag is 1, 2 Successor(s), FD is 259072
Descriptor Blocks:
10.0.5.5 (GigabitEthernet0/0), from 10.0.5.5, Send flag is 0x0
Composite metric is (259072/258816), route is External
Vector metric:
Minimum bandwidth is 10000 Kbit
Total delay is 120 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 2
Originating router is 0.0.18.2
External data:
AS number of route is 0
External protocol is RIP, external metric is 0
Administrator tag is 0 (0x00000000)
10.0.6.1 (GigabitEthernet0/1), from 10.0.6.1, Send flag is 0x0
Composite metric is (259072/258816), route is External
Vector metric:
Minimum bandwidth is 10000 Kbit
Total delay is 120 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 2
Originating router is 0.0.18.2
External data:
AS number of route is 0
External protocol is RIP, external metric is 0
Administrator tag is 0 (0x00000000)
Step16: Check minimum bandwidth for 172.18.0.0/22 and 172.19.0.0/22 networks:
BR1#show ip eigrp topology 172.18.0.0/22
--Output partially displayed--
10.0.5.5 (GigabitEthernet0/0), from 10.0.5.5, Send flag is 0x0
Composite metric is (28672/28416), route is Internal
Vector metric:
Minimum bandwidth is 100000 Kbit
--Output partially displayed--
10.0.6.1 (GigabitEthernet0/1), from 10.0.6.1, Send flag is 0x0
Composite metric is (28672/28416), route is Internal
Vector metric:
Minimum bandwidth is 100000 Kbit
BR1#show ip eigrp topology 172.19.0.0/22
--Output partially displayed--
10.0.5.5 (GigabitEthernet0/0), from 10.0.5.5, Send flag is 0x0
Composite metric is (5632/5376), route is External
Vector metric:
Minimum bandwidth is 500000 Kbit
--Output partially displayed--
10.0.6.1 (GigabitEthernet0/1), from 10.0.6.1, Send flag is 0x0
Composite metric is (5632/5376), route is External
Vector metric:
Minimum bandwidth is 500000 Kbit
Explanation: As you can see all three networks have minimum bandwidth less than the bandwidth configured on the link between BR1 and DR2, that is why multiple paths are still present. Because 2.2.2.2/32 host subnet has been redistributed into eigrp domain from rip, seed metric configured with BW of 10000 Kbps, for 172.18.0.0/22 network seed metric configured with BW of 100000 Kbps in the eigrp configuration mode with summary-metric command, lastly 172.19.0.0/22 network, since BR3 configured as eigrp stub receive-only router, it does not advertise the network, in order to reach subnets of BR3, its neighbors DR1 and DR2 have static route configured and then redistributed into eigrp, seed metric specified with BW of 500000 Kbps.
Step17: On the BR2 remove summary-metric.
BR2(config)#router eigrp 15
BR2(config-router)#no summary-metric 172.18.0.0/22 100000 10 255 1 1500
BR2(config-router)#
Step18: On the BR1 verify that network 172.18.0.0/22 is now available only one path via DR1.
BR1# show ip route eigrp
--Output partially displayed--
172.18.0.0/22 is subnetted, 1 subnets
D 172.18.0.0 [90/3328] via 10.0.5.5, 00:05:37, GigabitEthernet0/0
Step19: On the BR1 verify that networks 172.16.0.0/22 and 172.18.0.0/22 are meeting feasibility condition to participate in unequal load balancing otherwise eigrp will not install routes in the RIB.
BR1# show ip eigrp topology
--Output partially displayed--
P 10.0.1.0/30, 1 successors, FD is 3328
via 10.0.5.5 (3328/3072), GigabitEthernet0/0
via 10.0.6.1 (4864/3072), GigabitEthernet0/1
P 172.18.0.0/22, 1 successors, FD is 3328
via 10.0.5.5 (3328/3072), GigabitEthernet0/0
via 10.0.6.1 (4864/3072), GigabitEthernet0/1
Explanation: For both networks, you can see in the output that feasible successors are present.
Step20: Determine the multiplier for variance command by multiplying FD of the successor. 3328x2=6656>4864
Variance command with a multiplier of 2 will suffice for this configuration.
Step21: Configure unequal load balancing.
BR1(config)#router eigrp 15
BR1(config-router)#variance 2
Step22: Verify the routing table, you can see that now networks 172.16.0.0/22 and 172.18.0.0/22 have two paths despite the differences in the metrics, unequal load balancing is enabled.
BR1# show ip route eigrp
--Output partially displayed--
D 172.16.0.0 [90/5376] via 10.0.6.1, 00:00:34, GigabitEthernet0/1
[90/3840] via 10.0.5.5, 00:00:34, GigabitEthernet0/0
172.18.0.0/22 is subnetted, 1 subnets
D 172.18.0.0 [90/4864] via 10.0.6.1, 00:00:34, GigabitEthernet0/1
[90/3328] via 10.0.5.5, 00:00:34, GigabitEthernet0/0
Step23: Save configurations on the all affected routers.
Task5: Establish EIGRP neighbors manually.
Step1: On BR3, DR1 and DR2 verify eigrp neighbor table to find out the ip address of neighbors and their respective outgoing interfaces.
BR3#show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(15)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
1 10.0.6.9 Gi0/1 11 00:09:47 326 1956 0 45
0 10.0.5.13 Gi0/0 10 00:09:47 347 2082 0 42
DR1#show ip eigrp neighbors
--Output partially displayed--
EIGRP-IPv4 Neighbors for AS(15)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
5 10.0.5.14 Gi0/5 13 00:09:57 233 2097 0 15
DR2#show ip eigrp neighbors
--Output partially displayed--
EIGRP-IPv4 Neighbors for AS(15)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
5 10.0.6.10 Gi0/5 13 00:10:03 228 2052 0 14
Step2: on the BR3, in the eigrp router configuration mode specify eigrp neighbors for DR1 and DR2 manually.
BR3(config)#router eigrp 15
BR3(config-router)#neighbor 10.0.5.13 g0/0
BR3(config-router)#neighbor 10.0.6.9 g0/1
Step3: On the DR1, in the eigrp router configuration mode specify eigrp neighbors for BR3 manually.
DR1(config)#router eigrp 15
DR1(config-router)#neighbor 10.0.5.14 g0/5
Step4: on the DR1 verify manual neighborship with BR3.
DR1# show ip eigrp neighbors detail
--Output partially displayed--
EIGRP-IPv4 Neighbors for AS(15)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
5 10.0.5.14 Gi0/5 12 00:02:54 5 100 0 21
Static neighbor
Version 20.0/2.0, Retrans: 0, Retries: 0
Topology-ids from peer - 0
Topologies advertised to peer: base
Receive-Only Peer Advertising (No) Routes
Suppressing queries
Step5: On the DR2 enable debug for static eigrp neighbor to observe messages.
DR2#debug eigrp neighbors static
Step6: On the DR2, in the eigrp router configuration mode specify eigrp neighbors for BR3 manually.
DR2(config)#router eigrp 15
DR2(config-router)#neighbor 10.0.6.10 g0/5
*Jul 5 14:53:02.446: EIGRP: Multicast Hello is disabled on GigabitEthernet0/5!
*Jul 5 14:53:02.446: EIGRP: Add new unicast nbr 10.0.6.10 to AS 15 GigabitEthernet0/5
*Jul 5 14:53:03.182: %DUAL-5-NBRCHANGE: EIGRP-IPv4 15: Neighbor 10.0.6.10 (GigabitEthernet0/5) is up: new adjacency
Step7: Disable all debugging on the DR2.
DR2# undebug all
Step8: Verify on the DR2 eigrp static neighborship.
DR2# show ip eigrp neighbors detail
--Output partially displayed--
EIGRP-IPv4 Neighbors for AS(15)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
5 10.0.6.10 Gi0/5 13 00:06:47 8 100 0 26
Static neighbor
Version 20.0/2.0, Retrans: 0, Retries: 0
Topology-ids from peer - 0
Topologies advertised to peer: base
Receive-Only Peer Advertising (No) Routes
Suppressing queries
Step9: Save configurations.
DR2#copy running-config startup-config
Step10: Verify on the BR3 eigrp static neighborship.
BR3#show ip eigrp neighbors detail
EIGRP-IPv4 Neighbors for AS(15)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
1 10.0.6.9 Gi0/1 10 00:09:13 8 100 0 50
Static neighbor
Version 20.0/2.0, Retrans: 0, Retries: 0, Prefixes: 36
Topology-ids from peer - 0
Topologies advertised to peer: base
0 10.0.5.13 Gi0/0 14 00:15:45 3 100 0 48
Static neighbor
Version 20.0/2.0, Retrans: 0, Retries: 0, Prefixes: 36
Topology-ids from peer - 0
Topologies advertised to peer: base
Max Nbrs: 0, Current Nbrs: 0
Step11: Save configurations on the all affected routers.
Task6: EIGRP Bandwidth utilization.
Step1: On the links between BR3 and DR1 and BR3 and DR2 configure 50000 Kbps bandwidth.
BR3(config)#interface g0/0
BR3(config-if)#bandwidth 50000
BR3(config-if)#exit
BR3(config)#interface g0/1
BR3(config-if)#bandwidth 50000
DR1(config)#interface g0/5
DR1(config-if)#bandwidth 50000
DR2(config)#interface g0/5
DR2(config-if)#bandwidth 50000
Step2: On the BR3 interfaces G0/0 and G0/1 enable bandwidth utilization to the 20%.
BR3(config)#interface range g0/0-1
BR3(config-if-range)#ip bandwidth-percent eigrp 15 20
Step3: Repeat step 2 for DR1 and DR2 on the g0/5 interfaces.
DR1(config)#interface g0/5
DR1(config-if)#ip bandwidth-percent eigrp 15 20
DR2(config)#interface g0/5
DR2(config-if)#ip bandwidth-percent eigrp 15 20
Step4: Verify on the BR3 eigrp bandwidth utiliztion with command below.
BR3#show ip eigrp interfaces detail g0/0
EIGRP-IPv4 Interfaces for AS(15)
Xmit Queue PeerQ Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable Un/Reliable SRTT Un/Reliable Flow Timer Routes
Gi0/0 1 0/0 0/0 1 0/2 50 0
Hello-interval is 5, Hold-time is 15
Split-horizon is enabled
Next xmit serial
Packetized sent/expedited: 13/0
Hello's sent/expedited: 947/3
Un/reliable mcasts: 0/7 Un/reliable ucasts: 15/23
Mcast exceptions: 0 CR packets: 0 ACKs suppressed: 5
Retransmissions sent: 0 Out-of-sequence rcvd: 2
Topology-ids on interface - 0
Interface BW percentage is 20
Authentication mode is md5, key-chain is "EIGRP"
Topologies advertised on this interface: base
Topologies not advertised on this interface:
Step5: Save configurations on the all affected routers.
Task7: EIGRP timers.
Step1: Improve eigrp convergence time between Core1 and Core2 by modifying the hello and hold timers.
Core1(config)#interface g0/0
Core1(config-if)#ip hello-interval eigrp 15 1
Core1(config-if)#ip hold-time eigrp 15 3
Core2(config)#interface g0/0
Core2(config-if)#ip hello-interval eigrp 15 1
Core2(config-if)#ip hold-time eigrp 15 3
Step2: Verify hello and hold timers on both routers.
Core1# show ip eigrp interface detail g0/0
--Output partially displayed--
Hello-interval is 1, Hold-time is 3
Core2# show ip eigrp interface detail g0/0
--Output partially displayed--
Hello-interval is 1, Hold-time is 3
Step3: Using interface range command configure eigrp timers with the same parameters as Core routers interfaces g0/0, in the rest of topology.
Step4: Save configurations on the all affected routers.
Task8: EIGRP Offset-list.
Step1: Verify on the BR1 summary-address configurations for 172.17.0.0/22 if they still present on the interfaces g0/0 and g0/1. In the case of absence, configure summary-address, otherwise proceed to step 2.
BR1# show runnning-config interface g0/0
BR1# show runnning-config interface g0/1
(optional).
BR1(config)#interface range g0/0-1
BR1(config-if-range)#ip summary-address eigrp 15 172.17.0.0/22
Step2: Remove summary-metric from the eigrp router config mode on the BR1.
BR1(config)#router eigrp 15
BR1(config-router)#no summary-metric 172.17.0.0/22 100000 10 255 1 1500
Step3: Verify that the DR2 learnd about the network 172.17.0.0/22 via DR1.
DR2# show ip route eigrp
--Output partially displayed--
172.17.0.0/22 is subnetted, 1 subnets
D 172.17.0.0 [90/3328] via 10.0.5.1, 00:02:17, GigabitEthernet0/0
Step4: Verify eigrp topology table on the DR2 for 172.17.0.0/22 network. As you can see the second "via" line in the output indicates the presence of feasible successor and that mean if link between DR1 and DR2 goes down eigrp simply installs feasible successor route into the routing table without invoking the eigrp algorithm.
--Output partially displayed--
P 172.17.0.0/22, 1 successors, FD is 3328
via 10.0.5.1 (3328/3072), GigabitEthernet0/0
via 10.0.6.2 (4608/2816), GigabitEthernet0/3
Step5: The goal of this task is to demonstrate how to improve convergence with offset-list. In the case of this topology you want to set up DR2 in the way that it is not going to send query about lost route to 172.17.0.0/22 network when link between DR1 and DR2 goes down but since we have backup link to BR1 from DR2 it will always satisfy fesibility condition for 172.17.0.0/22 network since BR1's reported distance is less than Fesible distance of the successor route via DR1, that is why you need to on the BR1's g0/1 interface increase reported distince toward DR2 for 172.17.0.0/22 network, this will break feasibility condition rule. On the BR1 create standard named access-list with permit state for 172.17.0.0/22 network.
BR1(config)#ip access-list standard LOCAL_SUMMARY_ROUTE
BR1(config-std-nacl)#permit 172.17.0.0 0.0.3.255
Step6: Verify access-list.
BR1# show ip access-list
Standard IP access list LOCAL_SUMMARY_ROUTE
10 permit 172.17.0.0, wildcard bits 0.0.3.255
Step7: As you can see in the step4 that reported distance by BR1 to DR2 for 172.17.0.0/22 is 2816. Now by using offset-list on the BR1 you will increase reported distance and DR2 will no loger have feasible successor route for 172.17.0.0/22.
Configure offset-list with 600 added to the metric.
BR1(config)# router eigrp 15
BR1(config-router)# offset-list LOCAL_SUMMARY_ROUTE out 600 g0/1
Step8: Verigy offset-list.
BR1# show ip protocols
--Output partially displayed--
Routing Protocol is "eigrp 15"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Outgoing routes in GigabitEthernet0/1 will have 600 added to metric if on list LOCAL_SUMMARY_ROUTE
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
Redistributing: static
EIGRP-IPv4 Protocol for AS(15)
BR1# show ip access-list
Standard IP access list LOCAL_SUMMARY_ROUTE
10 permit 172.17.0.0, wildcard bits 0.0.3.255 (1 match)
Step9: Verify eigrp topology table on the DR2. It shows that DR2 does not have feasible successor route for 172.17.0.0/22, only one successor route via DR1 is present.
DR2# show ip eigrp topology
--Output partially displayed--
P 172.17.0.0/22, 1 successors, FD is 3328
via 10.0.5.1 (3328/3072), GigabitEthernet0/0
Step10: Display all posible non-successor routes. As you can see that reported distance of any non-successor routes is bigger that feasible distance of successor and in case of successor failure, eigrp has to recalculate metric.
DR2#show ip eigrp topology all-links
--Output partially displayed--
P 172.17.0.0/22, 1 successors, FD is 3328, serno 39
via 10.0.5.1 (3328/3072), GigabitEthernet0/0
via 10.0.2.13 (3584/3328), GigabitEthernet0/2
via 10.0.1.13 (3584/3328), GigabitEthernet0/1
via 10.0.6.2 (5208/3416), GigabitEthernet0/3
Step11: In GNS3 on the link between Core1 and DR2 start packets capture with wireshark. Apply eigrp filter.
Step12: Shutdown DR2's interface g0/0 facing DR1.
DR2(config)# interface g0/0
DR2(config-if)# shutdown
Step13: Observe the results in wireshark. Look for query packets. In the frame 218 you can see that DR2 is looking for 172.17.0.0/22 network.
Step14: Stop wireshark capturing and bring the DR2's g0/0 interface in the up state.
DR2(config)# interface g0/0
DR2(config-if)# no shutdown
Step15: Now by using offset-list on the DR2 increase feasible distance for 172.17.0.0/22. By doing so, non-successor routes will be changed to feasible successor routes because reported distance of non-successors will be less than feasible distance of successor.
DR2(config)#ip access-list standard BR1_SUMMARY_ROUTE
DR2(config-std-nacl)#permit 172.17.0.0 0.0.3.255
DR2(config-std-nacl)#exit
DR2(config)#router eigrp 15
DR2(config-router)#offset-list BR1_SUMMARY_ROUTE in 200 g0/0
Step16: Clear eigrp neighborship with DR1.
DR2# clear ip eigrp neighbors 10.0.5.1
Step17: Check the topology table again. As you can see that now entry for 172.17.0.0/22 netwrok has one successor and three feasible succesors.
DR2# show ip eigrp topology
--Output partially displayed--
P 172.17.0.0/22, 1 successors, FD is 3528
via 10.0.5.1 (3528/3272), GigabitEthernet0/0
via 10.0.1.13 (3584/3328), GigabitEthernet0/1
via 10.0.2.13 (3584/3328), GigabitEthernet0/2
via 10.0.6.2 (5208/3416), GigabitEthernet0/3
Step18: Let's test eigrp convergance by shutting down DR2's G0/0 interface and see results in the wireshark. Start capture packets first as you done in the step11 then shtutdown interface and observe the output of the traffic analyzer.
DR2(config)# interface g0/0
DR2(config-if)# shutdown
Step19: As you can see in the drop down menu of frame 17 that DR2 did not ask for 172.17.0.0/22 network, proving that you can use offset-list for improving convergance.
Step20: Stop capturing packets and bring the interface back in the up state.
Step21: Save configurations on the all affected routers.
Task9: Propagate EIGRP default route.
Step1: Create and verify default static route.
ER1(config)#ip route 0.0.0.0 0.0.0.0 192.168.10.1
ER1# show ip route static
--Output partially displayed--
Gateway of last resort is 192.168.10.1 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 192.168.10.1
Step2: Create summary static route for ER1's external networks pointing to the null0.
ER1(config)# ip route 192.168.96.0 255.255.252.0 null 0
Step3: Redistribute default static route into eigrp domain.
ER1(config)#router eigrp 15
ER1(config-router)#redistribute static metric 1000000 1 255 1 1500
Step4: Verify propagation of default route locally.
ER1# show ip eigrp topology 0.0.0.0/0
EIGRP-IPv4 Topology Entry for AS(15)/ID(0.0.4.11) for 0.0.0.0/0
State is Passive, Query origin flag is 1, 1 Successor(s), FD is 2816
Descriptor Blocks:
192.168.10.1, from Rstatic, Send flag is 0x0
Composite metric is (2816/0), route is External
Vector metric:
Minimum bandwidth is 1000000 Kbit
Total delay is 10 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 0
Originating router is 0.0.4.11
External data:
AS number of route is 0
External protocol is Static, external metric is 0
Administrator tag is 0 (0x00000000)
Exterior flag is set
Step5: Verify that default routes are in the routing table of the remote site routers.
BR1# show ip route eigrp
--Output partially displayed--
Gateway of last resort is 10.0.6.1 to network 0.0.0.0
D*EX 0.0.0.0/0 [170/5376] via 10.0.6.1, 00:05:06, GigabitEthernet0/1
[170/3840] via 10.0.5.5, 00:05:06, GigabitEthernet0/0
D EX 192.168.96.0/22 [170/5376] via 10.0.6.1, 00:00:17, GigabitEthernet0/1
[170/3840] via 10.0.5.5, 00:00:17, GigabitEthernet0/0
Step6: As you can see that default route is in the routing table of BR1 but so as the summary route of ER1's external networks. Sometimes you do not need to redistribute other static routes and that is why the next step is to propagate only the default route. Confige prefix list for default route.
ER1(config)# ip prefix-list DF_ROUTE permit 0.0.0.0/0
Step7: Create route-map and specify seed metric.
ER1(config)#route-map RDR_DF_ROUTE permit 10
ER1(config-route-map)#match ip address prefix-list DF_ROUTE
ER1(config-route-map)#set metric 500000 10 255 1 1500
Step8: Disable previous redistribution.
ER1(config)# router eigrp 15
ER1(config-router)# no redistribute static
Step9: Redistribute static route using route-map.
ER1(config-router)# redistribute static route-map RDR_DF_ROUTE
Step10: Verify propagation of default route locally.
ER1#show ip eigrp topology 0.0.0.0/0
EIGRP-IPv4 Topology Entry for AS(15)/ID(0.0.4.11) for 0.0.0.0/0
State is Passive, Query origin flag is 1, 1 Successor(s), FD is 7680
Descriptor Blocks:
192.168.10.1, from Rstatic, Send flag is 0x0
Composite metric is (7680/0), route is External
Vector metric:
Minimum bandwidth is 500000 Kbit
Total delay is 100 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 0
Originating router is 0.0.4.11
External data:
AS number of route is 0
External protocol is Static, external metric is 0
Administrator tag is 0 (0x00000000)
Exterior flag is set
Step11: On the BR1, there should be only default route redistributed, no ER1's external routes.
Step12: Cofigure default route propagation using route-map on the ER2.
Step13: Save configurations on the all affected routers.
Task10: EIGRP Route filter.
Step1: On the ER1 create prefix list named CONNECTED and redistribute connected networks into eigrp domain using route-map RDR_CONN.
ER1(config)# ip prefix-list CONNECTED permit 192.168.96.0/22 le 24
ER1(config)# route-map RDR_CONN
ER1(config-route-map)# match ip address prefix-list CONNECTED
ER1(config-route-map)# exit
ER1(config)# router eigrp 15
ER1(config-router)# redistribute connected route-map RDR_CONN
Step2: On the ER2 repeat step1 with its external subnets.
ER1(config)# ip prefix-list CONNECTED permit 192.168.100.0/22 le 24
ER1(config)# route-map RDR_CONN
ER1(config-route-map)# match ip address prefix-list CONNECTED
ER1(config-route-map)# exit
ER1(config)# router eigrp 15
ER1(config-router)# redistribute connected route-map RDR_CONN
Step3: Verify that ER1 and ER2's subnets have been redistributed.
BR1# show ip route eigrp
--Output partially displayed--
D EX 192.168.96.0/24 [170/133120] via 10.0.6.1, 00:05:10, GigabitEthernet0/1
[170/131584] via 10.0.5.5, 00:05:10, GigabitEthernet0/0
D EX 192.168.97.0/24 [170/133120] via 10.0.6.1, 00:05:10, GigabitEthernet0/1
[170/131584] via 10.0.5.5, 00:05:10, GigabitEthernet0/0
D EX 192.168.98.0/24 [170/133120] via 10.0.6.1, 00:05:10, GigabitEthernet0/1
[170/131584] via 10.0.5.5, 00:05:10, GigabitEthernet0/0
D EX 192.168.99.0/24 [170/133120] via 10.0.6.1, 00:05:10, GigabitEthernet0/1
[170/131584] via 10.0.5.5, 00:05:10, GigabitEthernet0/0
D EX 192.168.100.0/24 [170/133120] via 10.0.6.1, 00:00:11, GigabitEthernet0/1
[170/131584] via 10.0.5.5, 00:00:11, GigabitEthernet0/0
D EX 192.168.101.0/24 [170/133120] via 10.0.6.1, 00:00:11, GigabitEthernet0/1
[170/131584] via 10.0.5.5, 00:00:11, GigabitEthernet0/0
D EX 192.168.102.0/24 [170/133120] via 10.0.6.1, 00:00:11, GigabitEthernet0/1
[170/131584] via 10.0.5.5, 00:00:11, GigabitEthernet0/0
D EX 192.168.103.0/24 [170/133120] via 10.0.6.1, 00:00:11, GigabitEthernet0/1
[170/131584] via 10.0.5.5, 00:00:11, GigabitEthernet0/0
Step4: Prohib access to 192.168.96.0/24 subnet from BR1 and its subnets on the DR1 by using distibute-list with standard acl.
DR1(config)# ip access-list sta FILTER_ROUTES_TO_REMOTE_SITES
DR1(config-std-nacl)# deny 192.168.96.0 0.0.0.255
DR1(config-std-nacl)# permit any
DR1(config-std-nacl)# exit
DR1(config)# router eigrp 15
DR1(config-router)# distribute-list FILTER_ROUTES_TO_REMOTE_SITES out g0/3
Step5: Prohib access to 192.168.96.0/24 subnet from BR1 and its subnets on the DR2 by using distibute-list with prefix-list.
DR2(config)# ip prefix-list FILTER_ROUTES_TO_REMOTE_SITES deny 192.168.96.0/24
DR2(config)# ip prefix-list FILTER_ROUTES_TO_REMOTE_SITES permit 0.0.0.0/0 le 32
DR2(config)# router eigrp 15
DR2(config-router)# distribute-list prefix FILTER_ROUTES_TO_REMOTE_SITES out
Step6: Verify BR1's routing table to see if route filtering took place. As you can see 192.168.96.0/24 route is missing.
BR1# show ip route eigrp
--Output partially displayed--
D EX 192.168.97.0/24 [170/133120] via 10.0.6.1, 01:11:56, GigabitEthernet0/1
[170/131584] via 10.0.5.5, 01:11:56, GigabitEthernet0/0
D EX 192.168.98.0/24 [170/133120] via 10.0.6.1, 01:11:56, GigabitEthernet0/1
[170/131584] via 10.0.5.5, 01:11:56, GigabitEthernet0/0
D EX 192.168.99.0/24 [170/133120] via 10.0.6.1, 01:11:56, GigabitEthernet0/1
[170/131584] via 10.0.5.5, 01:11:56, GigabitEthernet0/0
D EX 192.168.100.0/24 [170/133120] via 10.0.6.1, 01:06:57, GigabitEthernet0/1
[170/131584] via 10.0.5.5, 01:06:57, GigabitEthernet0/0
D EX 192.168.101.0/24 [170/133120] via 10.0.6.1, 01:06:57, GigabitEthernet0/1
[170/131584] via 10.0.5.5, 01:06:57, GigabitEthernet0/0
D EX 192.168.102.0/24 [170/133120] via 10.0.6.1, 01:06:57, GigabitEthernet0/1
[170/131584] via 10.0.5.5, 01:06:57, GigabitEthernet0/0
D EX 192.168.103.0/24 [170/133120] via 10.0.6.1, 01:06:57, GigabitEthernet0/1
[170/131584] via 10.0.5.5, 01:06:57, GigabitEthernet0/0
Step7: To troubleshoot route filtering you can use commands bellow.
show ip protocol
show ip route eigrp
show ip access-list
show ip prefix-list detail
show run | section eigrp
Step8: Prohib access to 192.168.97.0/24 subnet from BR2 and its subnets on the DR1 and DR2 by using distibute-list with route-map.
DR1(config)#access-list 97 permit 192.168.97.0 0.0.0.255
DR1(config)#route-map FILTER_EXT_NETS deny 10
DR1(config-route-map)#match ip address 97
DR1(config-route-map)#exit
DR1(config)#route-map FILTER_EXT_NETS permit 20
DR1(config-route-map)#exit
DR1(config)#router eigrp 15
DR1(config-router)#distribute-list route-map FILTER_EXT_NETS out g0/4
DR2(config)#access-list 97 permit 192.168.97.0 0.0.0.255
DR2(config)#route-map FILTER_EXT_NETS deny 10
DR2(config-route-map)#match ip address 97
DR2(config-route-map)#exit
DR2(config)#route-map FILTER_EXT_NETS permit 20
DR2(config-route-map)#exit
DR2(config)#router eigrp 15
DR2(config-router)#distribute-list route-map FILTER_EXT_NETS out g0/4
Step9: Verify BR2's routing table to see if route filtering took place. As you can see 192.168.97.0/24 route is missing.
BR2# show ip route eigrp
--Output partially displayed--
D EX 192.168.96.0/24 [170/131584] via 10.0.6.5, 01:28:06, GigabitEthernet0/1
[170/131584] via 10.0.5.9, 01:28:06, GigabitEthernet0/0
D EX 192.168.98.0/24 [170/131584] via 10.0.6.5, 01:28:06, GigabitEthernet0/1
[170/131584] via 10.0.5.9, 01:28:06, GigabitEthernet0/0
D EX 192.168.99.0/24 [170/131584] via 10.0.6.5, 01:28:06, GigabitEthernet0/1
[170/131584] via 10.0.5.9, 01:28:06, GigabitEthernet0/0
D EX 192.168.100.0/24 [170/131584] via 10.0.6.5, 01:23:07, GigabitEthernet0/1
[170/131584] via 10.0.5.9, 01:23:07, GigabitEthernet0/0
D EX 192.168.101.0/24 [170/131584] via 10.0.6.5, 01:23:07, GigabitEthernet0/1
[170/131584] via 10.0.5.9, 01:23:07, GigabitEthernet0/0
D EX 192.168.102.0/24 [170/131584] via 10.0.6.5, 01:23:07, GigabitEthernet0/1
[170/131584] via 10.0.5.9, 01:23:07, GigabitEthernet0/0
D EX 192.168.103.0/24 [170/131584] via 10.0.6.5, 01:23:07, GigabitEthernet0/1
[170/131584] via 10.0.5.9, 01:23:07, GigabitEthernet0/0
Task11: BONUS. Summary route leak-map.
Step1: In some situations you will need to access more specific subnet via different path, for example in our case BR1 summarize all its subnets into summary route on the links towards wan aggrigation routers DR1 and DR2 but all incoming traffic come via link connected to DR1 due to bandwidth restrictions on the other link. If you look into DR2's routing table you can see that the only route it has for BR1's subnets is the summary route 172.17.0.0/22 via DR1 but you have requrement to access subnet 172.17.0.0/24 directly through BR1.
DR2# show ip route eigrp
--Output partially displayed--
172.17.0.0/22 is subnetted, 1 subnets
D 172.17.0.0 [
90/3528] via 10.0.5.1, 03:33:25, GigabitEthernet0/0
Step2: Create prefix-list and route-map on the BR1.
BR1(config)#ip prefix-list LEAK_SUBNET permit 172.17.0.0/24
BR1(config)#route-map FILTER_LEAK permit 10
BR1(config-route-map)#match ip address prefix-list LEAK_SUBNET
BR1(config-route-map)# exit
BR1(config)#route-map FILTER_LEAK deny 20
Step3: Configure summary route leak-map to advertise specific subnet of BR1 derictly to DR2 via g0/1 interface.
BR1(config)# interface g0/1
BR1(config-if)#ip summary-address eigrp 15 172.17.0.0/22 leak-map FILTER_LEAK
Step4: Verify that subnet 172.16.0.0/24 is present int DR2's routing table via BR1.
172.17.0.0/16 is variably subnetted, 2 subnets, 2 masks
D 172.17.0.0/22 [90/3528] via 10.0.5.1, 03:42:58, GigabitEthernet0/0
D 172.17.0.0/24 [90/5208] via 10.0.6.2, 00:01:56, GigabitEthernet0/3
Download Lab: GNS3
Prerequisites:
Cisco IOSv (vios-adventerprisek9-m.vmdk.SPA.156-2.T)
Objectives:
In this lab, you will be configuring advanced features of eigrp. You will summarize small subnets into the larger network, implement authentication between peers, reduce unnecessary queries, enable equal and unequal path load balancing, establish eigrp neighbor relation manually, reduce consumption of the bandwidth by eigrp on the low capacity links, improve convergence with the hello and hold timers and offset list, propagate default static route, prevent routes from getting installed into the routing table.
Topology:
In this gns3project routers already have configured with basic eigrp parameters.
Procedures:
Task1: EIGRP Summarization:
Step1: On HQ-R1 verify that RIB has individual subnets of the remote sites.
HQ-R1# show ip route eigrp
Step2: Configure summary address on BR1's interfaces facing DR1 and DR2.
BR1(config)#interface g0/0
BR1(config-if)#ip summary-address eigrp 15 172.17.0.0 255.255.252.0
BR1(config)#interface g0/1
BR1(config-if)#ip summary-address eigrp 15 172.17.0.0 255.255.252.0
Step3: Verify that HQ-R1 now receiving summary route of BR1.
HQ-R1# show ip route eigrp
HQ-R1# show ip route 172.17.0.0 255.255.252.0
HQ-R1#show ip route 172.17.0.0 255.255.0.0 longer-prefixes
Step4: If you are unable to find the summary route in step3 then you can troubleshoot with this command, it shows for which summary network it enabled in slash notation and interfaces configured on.
BR1# show ip protocols
Step5: Configure the same way summarization on BR2, BR3, and HQ-R1.
Step6: Summary-metric could be applied towards the summary route if you need for some reason increase the metric of the summary route, it can be done in eigrp router configuration mode. The currently reported distance of 172.17.0.0/22 is 2816 after you apply new changes it will be much larger.
BR1(config)# router eigrp 15
BR1(config-router)#summary-metric 172.17.0.0/22 100000 10 255 1 1500
Step7: Verify the new metric for the summary route:
BR1# show ip protocol
BR1#show ip eigrp topology 172.17.0.0/22
Step8: Use step 6 as an example to adjust summary-metric for BR2 and BR3.
Step9: Save configurations on the all affected routers.
Task2: EIGRP Authentication.
Step1: Create key chain EIGRP in global configuration mode.
Core1(config)#key chain EIGRP
Core1(config-keychain)#key 1
Core1(config-keychain-key)#key-string gns3
Step2: Identify eigrp enabled interfaces.
Core1# show ip eigrp interfaces
Step3: Enter the interface range command for all eigrp enabled interfaces and configure authentication.
Core1(config)#interface range g0/0-6
Core1(config-if-range)#ip authentication mode eigrp 15 md5
Core1(config-if-range)#ip authentication key-chain eigrp 15 EIGRP
Step4: Repeat Step1 through 3 on all routers in the topology.
Step5: Verify that authentication is properly enabled on the interfaces.
Core1# show ip eigrp interface detail g0/0
Step6: Verify key chain for the proper parameters, key name, key number, and key string.
Core1# show key chain
Step7: Save configurations on the all affected routers.
Task3: EIGRP Stub.
Step1: On the BR1 router enable debug command for eigrp packet query, you need this to observe what happens when one of BR1's neighbor's network goes down.
BR1# debug eigrp packet query
Step2: On the DR1 shutdown interface g0/0 towards DR2.
DR1(config)# interface g0/0
DR1(config-if)# shutdown
Step3: Go back to BR1 and review the line in the output of debug command.
Example:
*Jul 1 23:38:58.180: EIGRP: received packet with MD5 authentication, key id = 1
*Jul 1 23:38:58.342: EIGRP: received packet with MD5 authentication, key id = 1
*Jul 1 23:38:58.343: EIGRP: Received QUERY on Gi0/0 - paklen 85 nbr 10.0.5.5
*Jul 1 23:38:58.343: AS 15, Flags 0x0:(NULL), Seq 440/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0
Step4: On the DR1 bring the g0/0 interface back up.
DR1(config)# interface g0/0
DR1(config-if)# no shutdown
Step5: Enable eigrp stub feature in the router configuration mode.
BR1(config)# router eigrp 15
BR1(config-router)# eigrp stub
Step6: Locally you can verify stub configuration with the command below, it shows you that eigrp stub is enabled on the router and types of routes the router will advertise to its neighbor.
BR1# show ip protocols
--Output partially displayed--
EIGRP-IPv4 Protocol for AS(15)
Metric weight K1=1, K2=0, K3=1, K4=0, K5=0
Soft SIA disabled
NSF-aware route hold timer is 240
Router-ID: 0.0.17.1
Stub, connected, summary
Topology : 0 (base)
Step7: On the neighboring router you can verify stub option by using this command.
DR1# show ip eigrp neighbor detail
--Output partially displayed--
3 10.0.5.6 Gi0/3 12 00:25:57 211 1266 0 14
Version 20.0/2.0, Retrans: 1, Retries: 0, Prefixes: 2
Topology-ids from peer - 0
Topologies advertised to peer: base
Stub Peer Advertising (CONNECTED SUMMARY ) Routes
Suppressing queries
As you can see in the output, the DR1 will never send out query messages to BR1 when it or its upstream neighbors lost connection to the networks they attached to.
Step8: Make sure that debug command on BR1 is still enabled, then go to DR1's g0/0 interface configuration and simulate failure by shutting the interface down.
DR1(config)# interface g0/0
DR1(config-if)# shutdown
Step9: On the BR1 observe the absence of the query messages, it indicates that feature is working properly.
BR1# debug eigrp packet query
Step10: Repeat steps above for BR2 and BR3 routers.
Step11: By default eigrp stub feature only include in its advertisements connected and summary routes. But what if you need to propagate external route learned by different means. In this case, you could have a static route pointing to the external network and redistributed into the eigrp domain but current stub configuration will not permit it to happen. Let's test this theory out.
BR1(config)#ip route 1.1.1.1 255.255.255.255 null 0
BR1(config-router)#redistribute static
Step12: Verify that configurations in the step above took place.
BR1# show ip route static
--Output partially displayed--
1.0.0.0/32 is subnetted, 1 subnets
S 1.1.1.1 is directly connected, Null0
BR1# show ip eigrp topology
--Output partially displayed--
P 1.1.1.1/32, 1 successors, FD is 256
via Rstatic (256/0)
Step13: You can see that in the step above the router has the static route redistributed into its eigrp topology table but you will not be able to find this network anywhere else in topology. Let's check it out.
HQ-R1# show ip route eigrp
Step14: To fix this problem you need reconfigure eigrp stub with static parameter and do not forget to include connected and summary.
BR1(config)# router eigrp 15
BR1(config-router)# eigrp stub connected summary static
Step15: Go back to HQ-R1 and verify the propagation of 1.1.1.1/32 route.
HQ-R1# show ip route eigrp
--Output partially displayed--
1.0.0.0/32 is subnetted, 1 subnets
D EX 1.1.1.1 [170/3584] via 10.0.3.9, 00:00:13, GigabitEthernet0/1
[170/3584] via 10.0.3.5, 00:00:13, GigabitEthernet0/0
Step16: On the BR2 you will configure eigrp stub with redistributed parameter. First, you will create a loopback interface.
BR2(config)# interface loopback120
BR2(config-if)# ip address 2.2.2.2 255.255.255.255
Step17: Then enable RIPv2 for 2.2.2.2/32 subnet.
BR2(config)# router rip
BR2(config-router)# version 2
BR2(config-router)# network 2.0.0.0
Step18: Redistribute RIPv2 into EIGRP 15 domain.
BR2(config)# router eigrp 15
BR2(config-router)# redistribute rip metric 10000 10 255 1 1500
Step19: Verify that redistribution took place.
BR2# show ip eigrp topology 2.2.2.2/32
EIGRP-IPv4 Topology Entry for AS(15)/ID(0.0.18.2) for 2.2.2.2/32
State is Passive, Query origin flag is 1, 1 Successor(s), FD is 258560
Descriptor Blocks:
0.0.0.0, from Redistributed, Send flag is 0x0
Composite metric is (258560/0), route is External
Vector metric:
Minimum bandwidth is 10000 Kbit
Total delay is 100 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 0
Originating router is 0.0.18.2
External data:
AS number of route is 0
External protocol is RIP, external metric is 0
Administrator tag is 0 (0x00000000)
Step20: On the HQ-R1 check for the absence of the 2.2.2.2/32, as you can see BR2 does not advertise RIPv2 redistributed route.
HQ-R1# show ip route eigrp
Step21: On the BR2 enable eigrp stub with redistributed parameter.
BR2(config)# router eigrp 15
BR2(config-router)# eigrp stub connected summary redistributed
Step22: Go back to HQ-R1 and verify that it has the 2.2.2.2/32 route in its routing table.
HQ-R1# show ip route eigrp
--Output partially displayed--
2.0.0.0/32 is subnetted, 1 subnets
D EX 2.2.2.2 [170/259584] via 10.0.3.9, 00:00:57, GigabitEthernet0/1
[170/259584] via 10.0.3.5, 00:00:57, GigabitEthernet0/0
Step23: On the BR3 remove configurations you have done in eigrp summarization task.
BR3(config)# router eigrp 15
BR3(config-router)# no summary-metric 172.19.0.0/22 100000 10 255 1 1500
BR3(config-router)# exit
BR3(config)# interface g0/0
BR3(config-if)# no ip summary-address eigrp 15 172.19.0.0 255.255.252.0
BR3(config)# interface g0/1
BR3(config-if)# no ip summary-address eigrp 15 172.19.0.0 255.255.252.0
Step24: On the HQ-R1 verify that it receives individual /24 subnets from BR3.
HQ-R1# show ip route eigrp
--Output partially displayed--
172.19.0.0/24 is subnetted, 4 subnets
D 172.19.0.0 [90/3840] via 10.0.3.9, 00:00:24, GigabitEthernet0/1
[90/3840] via 10.0.3.5, 00:00:24, GigabitEthernet0/0
D 172.19.1.0 [90/131584] via 10.0.3.9, 00:00:24, GigabitEthernet0/1
[90/131584] via 10.0.3.5, 00:00:24, GigabitEthernet0/0
D 172.19.2.0 [90/131584] via 10.0.3.9, 00:00:24, GigabitEthernet0/1
[90/131584] via 10.0.3.5, 00:00:24, GigabitEthernet0/0
D 172.19.3.0 [90/131584] via 10.0.3.9, 00:00:24, GigabitEthernet0/1
[90/131584] via 10.0.3.5, 00:00:24, GigabitEthernet0/
Step25: Due to low bandwidth on the links to the remote site in Philadelphia, the policy states that BR3 should not advertise any routes to the core network. Configure receive-only eigrp stub in router configuration mode.
BR3(config)#router eigrp 15
BR3(config-router)#eigrp stub receive-only
Step26: Verify that DR1 and DR2 are neighbors with BR3 as a receive-only peer and they do not receive routes from it.
DR1#show ip eigrp neighbors detail
--Output partially displayed--
EIGRP-IPv4 Neighbors for AS(15)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
5 10.0.5.14 Gi0/5 14 00:22:42 6 100 0 70
Version 20.0/2.0, Retrans: 0, Retries: 0
Topology-ids from peer - 0
Topologies advertised to peer: base
Receive-Only Peer Advertising (No) Routes
Suppressing queries
Step27: FromBR3-PC1 ping HQ-PC1, as you can see its timing out because there is no path back to the subnet in which BR3-PC1 resides since BR3 router does not advertise its local subnets to the core eigrp domain.
VPCS> ping 172.16.0.100
172.16.0.100 icmp_seq=1 timeout
172.16.0.100 icmp_seq=2 timeout
172.16.0.100 icmp_seq=3 timeout
Step28: On the DR1 and DR2 routers create summary static routes for BR3's subnets pointing to appropriate next-hop address.
DR1(config)# ip route 172.19.0.0 255.255.252.0 10.0.5.14
DR2(config)# ip route 172.19.0.0 255.255.252.0 10.0.6.10
Step29: On both DR1 and DR2 redistribute these routes into eigrp using route-map and prefix-list.
DR1(config)# ip prefix-list BR3_SUMMARY permit 172.19.0.0/22
DR1(config)# route-map RDR_STATIC permit 10
DR1(config-route-map)# match ip address prefix-list BR3_SUMMARY
DR1(config-route-map)# set metric 500000 1 255 1 1500
DR1(config-route-map)# exit
DR1(config)# router eigrp 15
DR1(config-router)# redistribute static route-map RDR_STATIC
Configure DR2 the same way.
I choose the route-map and prefix-list method of redistribution instead of just regular static redistribution because there could be other static routes which should not appear in eigrp domain, having granular approach over which routes you select to advertise is always the best-case scenario.
Step30: Verify that BR3-PC1 now is able to ping HQ-PC1.
VPCS> ping 172.16.0.100
172.16.0.100 icmp_seq=1 timeout
172.16.0.100 icmp_seq=2 timeout
84 bytes from 172.16.0.100 icmp_seq=3 ttl=59 time=5.434 ms
84 bytes from 172.16.0.100 icmp_seq=4 ttl=59 time=6.209 ms
84 bytes from 172.16.0.100 icmp_seq=5 ttl=59 time=7.680 ms
Step31: Save configurations on the all affected routers.
Task4: EIGRP Routing protocol load balancing.
Step1: Configuring equal paths load balancing, by default eigrp already use load balance automatically if multiple paths to the destination with equal cost exist but in this lab, you will reverse this behavior and then enable it later.
HQ-R1(config)# router eigrp 15
HQ-R1(config-router)# maximum-paths 1
Step2: Verify HQ-R1's eigrp neighbors.
HQ-R1# show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(15)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 10.0.3.5 Gi0/0 10 00:23:39 7 100 0 438
1 10.0.3.9 Gi0/1 10 00:25:22 9 100 0 418
Step3: Verify the routing table to see which path packets will take to reach BR1's 172.17.0.0/22 network.
HQ-R1# show ip route eigrp
--Output partially displayed--
172.17.0.0/22 is subnetted, 1 subnets
D 172.17.0.0 [90/29184] via 10.0.3.5, 00:00:05, GigabitEthernet0/0
Step4: Reset eigrp neighborship on whichever router HQ-R1 uses as the current path to the BR1's network. For example, in my case, it will be HQ-DR1.
HQ-DR1#clear ip eigrp neighbors 10.0.3.6
HQ-DR1#
*Jul 2 18:51:48.506: %DUAL-5-NBRCHANGE: EIGRP-IPv4 15: Neighbor 10.0.3.6 (GigabitEthernet0/3) is down: manually cleared
HQ-DR1#
*Jul 2 18:51:51.802: %DUAL-5-NBRCHANGE: EIGRP-IPv4 15: Neighbor 10.0.3.6 (GigabitEthernet0/3) is up: new adjacency
Step5: Back on the HQ-R1 verify again which path it takes now to reach 172.17.0.0/22 network.
HQ-R1# show ip route eigrp
--Output partially displayed--
172.17.0.0/22 is subnetted, 1 subnets
D 172.17.0.0 [90/29184] via 10.0.3.9, 00:03:53, GigabitEthernet0/1
Step6: As you can see in step 5 that next-hop address has been changed to the HQ-DR2's, also you can verify operation of equal pathing with the command below and you can see that it only uses one path for traffic forwarding no matter how many physical paths to the destination exist.
HQ-R1# show ip protocols
--Output partially displayed--
Metric weight K1=1, K2=0, K3=1, K4=0, K5=0
Soft SIA disabled
NSF-aware route hold timer is 240
Router-ID: 0.0.3.11
Topology : 0 (base)
Active Timer: 3 min
Distance: internal 90 external 170
Maximum path: 1
Maximum hopcount 100
Maximum metric variance 1
Automatic Summarization: disabled
Address Summarization:
172.16.0.0/22 for Gi0/0, Gi0/1
Summarizing 4 components with metric 2816
Step7: Research online the documentation to find out the logic behind why eigrp choose one path over another when neighborship between routers resets, you also should understand what attribute contributes to the decision-making process.
Step8: Return the load balancing to the default state.
HQ-R1(config)# router eigrp 15
HQ-R1(config-router)# no maximum-path
Step9: Verify load balancing proper operation.
HQ-R1# show ip protocols
HQ-R1# show ip route eigrp
Step10: You also can verify that there are multiple paths to the remote destination with traceroute.
HQ-R1# traceroute 172.17.0.100
Type escape sequence to abort.
Tracing the route to 172.17.0.100
VRF info: (vrf in name/id, vrf out name/id)
1 10.0.3.9 3 msec (packets go via HQ-DR2)
10.0.3.5 3 msec (packets go via HQ-DR1)
10.0.3.9 4 msec
2 10.0.1.17 3 msec
10.0.2.21 4 msec
10.0.1.17 4 msec
3 10.0.2.14 5 msec
10.0.1.10 5 msec
10.0.2.14 6 msec
4 10.0.5.6 6 msec
10.0.6.2 5 msec
10.0.5.6 6 msec
5 172.17.0.100 6 msec 5 msec 6 msec
Step11: On DR2's g0/3 interface set the bandwidth to 600000 kbit/sec.
DR2(config)# interface g0/3
DR2(config-if)# bandwidth 600000
Step12: On BR1's g0/1 interface set the bandwidth to 600000 kbit/sec.
BR2(config)# interface g0/1
BR2(config-if)# bandwidth 600000
Step13: Verify that new change to the interface g0/1 has been applied.
BR1# show interfaces g0/1
--Output partially displayed--
GigabitEthernet0/1 is up, line protocol is up
Hardware is iGbE, address is 0c61.629f.da01 (bia 0c61.629f.da01)
Description: Link to DR2 int g0/3
Internet address is 10.0.6.2/30
MTU 1500 bytes, BW 600000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Step14: Verify the routing table on the BR1, now it suppose to have only one path to the networks which previously were available through multiple paths but the networks 2.2.2.2/32, 172.18.0.0/22 and 172.19.0.0/22 still have not been changed to a single path. The only affected network is 172.16.0.0/22.
BR1# show ip route eigrp
--Output partially displayed--
2.0.0.0/32 is subnetted, 1 subnets
D EX 2.2.2.2 [170/259072] via 10.0.6.1, 00:03:19, GigabitEthernet0/1
[170/259072] via 10.0.5.5, 00:03:19, GigabitEthernet0/0
172.16.0.0/22 is subnetted, 1 subnets
D 172.16.0.0 [90/3840] via 10.0.5.5, 00:00:22, GigabitEthernet0/0
172.18.0.0/22 is subnetted, 1 subnets
D 172.18.0.0 [90/28672] via 10.0.6.1, 00:03:19, GigabitEthernet0/1
[90/28672] via 10.0.5.5, 00:03:19, GigabitEthernet0/0
172.19.0.0/22 is subnetted, 1 subnets
D EX 172.19.0.0 [170/5632] via 10.0.6.1, 00:03:25, GigabitEthernet0/1
[170/5632] via 10.0.5.5, 00:03:25, GigabitEthernet0/0
Step15: To understand why some networks still appear in the routing table via multiple paths you need to know how eigrp metric works. On any given path to the destination, eigrp looks for the interface with minimum bandwidth configured then it uses that information to construct the metric. In this topology, all links are 1 Gbps except that one you just configured, the link between BR1 and DR2 which is 0.6 Gbps. So why those networks are still in the routing table via multiple paths, when its look like all traffic should be going through DR1 only. Further investigation is required.
BR1#show ip eigrp topology 2.2.2.2/32
EIGRP-IPv4 Topology Entry for AS(15)/ID(0.0.17.1) for 2.2.2.2/32
State is Passive, Query origin flag is 1, 2 Successor(s), FD is 259072
Descriptor Blocks:
10.0.5.5 (GigabitEthernet0/0), from 10.0.5.5, Send flag is 0x0
Composite metric is (259072/258816), route is External
Vector metric:
Minimum bandwidth is 10000 Kbit
Total delay is 120 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 2
Originating router is 0.0.18.2
External data:
AS number of route is 0
External protocol is RIP, external metric is 0
Administrator tag is 0 (0x00000000)
10.0.6.1 (GigabitEthernet0/1), from 10.0.6.1, Send flag is 0x0
Composite metric is (259072/258816), route is External
Vector metric:
Minimum bandwidth is 10000 Kbit
Total delay is 120 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 2
Originating router is 0.0.18.2
External data:
AS number of route is 0
External protocol is RIP, external metric is 0
Administrator tag is 0 (0x00000000)
Step16: Check minimum bandwidth for 172.18.0.0/22 and 172.19.0.0/22 networks:
BR1#show ip eigrp topology 172.18.0.0/22
--Output partially displayed--
10.0.5.5 (GigabitEthernet0/0), from 10.0.5.5, Send flag is 0x0
Composite metric is (28672/28416), route is Internal
Vector metric:
Minimum bandwidth is 100000 Kbit
--Output partially displayed--
10.0.6.1 (GigabitEthernet0/1), from 10.0.6.1, Send flag is 0x0
Composite metric is (28672/28416), route is Internal
Vector metric:
Minimum bandwidth is 100000 Kbit
BR1#show ip eigrp topology 172.19.0.0/22
--Output partially displayed--
10.0.5.5 (GigabitEthernet0/0), from 10.0.5.5, Send flag is 0x0
Composite metric is (5632/5376), route is External
Vector metric:
Minimum bandwidth is 500000 Kbit
--Output partially displayed--
10.0.6.1 (GigabitEthernet0/1), from 10.0.6.1, Send flag is 0x0
Composite metric is (5632/5376), route is External
Vector metric:
Minimum bandwidth is 500000 Kbit
Explanation: As you can see all three networks have minimum bandwidth less than the bandwidth configured on the link between BR1 and DR2, that is why multiple paths are still present. Because 2.2.2.2/32 host subnet has been redistributed into eigrp domain from rip, seed metric configured with BW of 10000 Kbps, for 172.18.0.0/22 network seed metric configured with BW of 100000 Kbps in the eigrp configuration mode with summary-metric command, lastly 172.19.0.0/22 network, since BR3 configured as eigrp stub receive-only router, it does not advertise the network, in order to reach subnets of BR3, its neighbors DR1 and DR2 have static route configured and then redistributed into eigrp, seed metric specified with BW of 500000 Kbps.
Step17: On the BR2 remove summary-metric.
BR2(config)#router eigrp 15
BR2(config-router)#no summary-metric 172.18.0.0/22 100000 10 255 1 1500
BR2(config-router)#
Step18: On the BR1 verify that network 172.18.0.0/22 is now available only one path via DR1.
BR1# show ip route eigrp
--Output partially displayed--
172.18.0.0/22 is subnetted, 1 subnets
D 172.18.0.0 [90/3328] via 10.0.5.5, 00:05:37, GigabitEthernet0/0
Step19: On the BR1 verify that networks 172.16.0.0/22 and 172.18.0.0/22 are meeting feasibility condition to participate in unequal load balancing otherwise eigrp will not install routes in the RIB.
BR1# show ip eigrp topology
--Output partially displayed--
P 10.0.1.0/30, 1 successors, FD is 3328
via 10.0.5.5 (3328/3072), GigabitEthernet0/0
via 10.0.6.1 (4864/3072), GigabitEthernet0/1
P 172.18.0.0/22, 1 successors, FD is 3328
via 10.0.5.5 (3328/3072), GigabitEthernet0/0
via 10.0.6.1 (4864/3072), GigabitEthernet0/1
Explanation: For both networks, you can see in the output that feasible successors are present.
Step20: Determine the multiplier for variance command by multiplying FD of the successor. 3328x2=6656>4864
Variance command with a multiplier of 2 will suffice for this configuration.
Step21: Configure unequal load balancing.
BR1(config)#router eigrp 15
BR1(config-router)#variance 2
Step22: Verify the routing table, you can see that now networks 172.16.0.0/22 and 172.18.0.0/22 have two paths despite the differences in the metrics, unequal load balancing is enabled.
BR1# show ip route eigrp
--Output partially displayed--
D 172.16.0.0 [90/5376] via 10.0.6.1, 00:00:34, GigabitEthernet0/1
[90/3840] via 10.0.5.5, 00:00:34, GigabitEthernet0/0
172.18.0.0/22 is subnetted, 1 subnets
D 172.18.0.0 [90/4864] via 10.0.6.1, 00:00:34, GigabitEthernet0/1
[90/3328] via 10.0.5.5, 00:00:34, GigabitEthernet0/0
Step23: Save configurations on the all affected routers.
Task5: Establish EIGRP neighbors manually.
Step1: On BR3, DR1 and DR2 verify eigrp neighbor table to find out the ip address of neighbors and their respective outgoing interfaces.
BR3#show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(15)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
1 10.0.6.9 Gi0/1 11 00:09:47 326 1956 0 45
0 10.0.5.13 Gi0/0 10 00:09:47 347 2082 0 42
DR1#show ip eigrp neighbors
--Output partially displayed--
EIGRP-IPv4 Neighbors for AS(15)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
5 10.0.5.14 Gi0/5 13 00:09:57 233 2097 0 15
DR2#show ip eigrp neighbors
--Output partially displayed--
EIGRP-IPv4 Neighbors for AS(15)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
5 10.0.6.10 Gi0/5 13 00:10:03 228 2052 0 14
Step2: on the BR3, in the eigrp router configuration mode specify eigrp neighbors for DR1 and DR2 manually.
BR3(config)#router eigrp 15
BR3(config-router)#neighbor 10.0.5.13 g0/0
BR3(config-router)#neighbor 10.0.6.9 g0/1
Step3: On the DR1, in the eigrp router configuration mode specify eigrp neighbors for BR3 manually.
DR1(config)#router eigrp 15
DR1(config-router)#neighbor 10.0.5.14 g0/5
Step4: on the DR1 verify manual neighborship with BR3.
DR1# show ip eigrp neighbors detail
--Output partially displayed--
EIGRP-IPv4 Neighbors for AS(15)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
5 10.0.5.14 Gi0/5 12 00:02:54 5 100 0 21
Static neighbor
Version 20.0/2.0, Retrans: 0, Retries: 0
Topology-ids from peer - 0
Topologies advertised to peer: base
Receive-Only Peer Advertising (No) Routes
Suppressing queries
Step5: On the DR2 enable debug for static eigrp neighbor to observe messages.
DR2#debug eigrp neighbors static
Step6: On the DR2, in the eigrp router configuration mode specify eigrp neighbors for BR3 manually.
DR2(config)#router eigrp 15
DR2(config-router)#neighbor 10.0.6.10 g0/5
*Jul 5 14:53:02.446: EIGRP: Multicast Hello is disabled on GigabitEthernet0/5!
*Jul 5 14:53:02.446: EIGRP: Add new unicast nbr 10.0.6.10 to AS 15 GigabitEthernet0/5
*Jul 5 14:53:03.182: %DUAL-5-NBRCHANGE: EIGRP-IPv4 15: Neighbor 10.0.6.10 (GigabitEthernet0/5) is up: new adjacency
Step7: Disable all debugging on the DR2.
DR2# undebug all
Step8: Verify on the DR2 eigrp static neighborship.
DR2# show ip eigrp neighbors detail
--Output partially displayed--
EIGRP-IPv4 Neighbors for AS(15)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
5 10.0.6.10 Gi0/5 13 00:06:47 8 100 0 26
Static neighbor
Version 20.0/2.0, Retrans: 0, Retries: 0
Topology-ids from peer - 0
Topologies advertised to peer: base
Receive-Only Peer Advertising (No) Routes
Suppressing queries
Step9: Save configurations.
DR2#copy running-config startup-config
Step10: Verify on the BR3 eigrp static neighborship.
BR3#show ip eigrp neighbors detail
EIGRP-IPv4 Neighbors for AS(15)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
1 10.0.6.9 Gi0/1 10 00:09:13 8 100 0 50
Static neighbor
Version 20.0/2.0, Retrans: 0, Retries: 0, Prefixes: 36
Topology-ids from peer - 0
Topologies advertised to peer: base
0 10.0.5.13 Gi0/0 14 00:15:45 3 100 0 48
Static neighbor
Version 20.0/2.0, Retrans: 0, Retries: 0, Prefixes: 36
Topology-ids from peer - 0
Topologies advertised to peer: base
Max Nbrs: 0, Current Nbrs: 0
Step11: Save configurations on the all affected routers.
Task6: EIGRP Bandwidth utilization.
Step1: On the links between BR3 and DR1 and BR3 and DR2 configure 50000 Kbps bandwidth.
BR3(config)#interface g0/0
BR3(config-if)#bandwidth 50000
BR3(config-if)#exit
BR3(config)#interface g0/1
BR3(config-if)#bandwidth 50000
DR1(config)#interface g0/5
DR1(config-if)#bandwidth 50000
DR2(config)#interface g0/5
DR2(config-if)#bandwidth 50000
Step2: On the BR3 interfaces G0/0 and G0/1 enable bandwidth utilization to the 20%.
BR3(config)#interface range g0/0-1
BR3(config-if-range)#ip bandwidth-percent eigrp 15 20
Step3: Repeat step 2 for DR1 and DR2 on the g0/5 interfaces.
DR1(config)#interface g0/5
DR1(config-if)#ip bandwidth-percent eigrp 15 20
DR2(config)#interface g0/5
DR2(config-if)#ip bandwidth-percent eigrp 15 20
Step4: Verify on the BR3 eigrp bandwidth utiliztion with command below.
BR3#show ip eigrp interfaces detail g0/0
EIGRP-IPv4 Interfaces for AS(15)
Xmit Queue PeerQ Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable Un/Reliable SRTT Un/Reliable Flow Timer Routes
Gi0/0 1 0/0 0/0 1 0/2 50 0
Hello-interval is 5, Hold-time is 15
Split-horizon is enabled
Next xmit serial
Packetized sent/expedited: 13/0
Hello's sent/expedited: 947/3
Un/reliable mcasts: 0/7 Un/reliable ucasts: 15/23
Mcast exceptions: 0 CR packets: 0 ACKs suppressed: 5
Retransmissions sent: 0 Out-of-sequence rcvd: 2
Topology-ids on interface - 0
Interface BW percentage is 20
Authentication mode is md5, key-chain is "EIGRP"
Topologies advertised on this interface: base
Topologies not advertised on this interface:
Step5: Save configurations on the all affected routers.
Task7: EIGRP timers.
Step1: Improve eigrp convergence time between Core1 and Core2 by modifying the hello and hold timers.
Core1(config)#interface g0/0
Core1(config-if)#ip hello-interval eigrp 15 1
Core1(config-if)#ip hold-time eigrp 15 3
Core2(config)#interface g0/0
Core2(config-if)#ip hello-interval eigrp 15 1
Core2(config-if)#ip hold-time eigrp 15 3
Step2: Verify hello and hold timers on both routers.
Core1# show ip eigrp interface detail g0/0
--Output partially displayed--
Hello-interval is 1, Hold-time is 3
Core2# show ip eigrp interface detail g0/0
--Output partially displayed--
Hello-interval is 1, Hold-time is 3
Step3: Using interface range command configure eigrp timers with the same parameters as Core routers interfaces g0/0, in the rest of topology.
Step4: Save configurations on the all affected routers.
Task8: EIGRP Offset-list.
Step1: Verify on the BR1 summary-address configurations for 172.17.0.0/22 if they still present on the interfaces g0/0 and g0/1. In the case of absence, configure summary-address, otherwise proceed to step 2.
BR1# show runnning-config interface g0/0
BR1# show runnning-config interface g0/1
(optional).
BR1(config)#interface range g0/0-1
BR1(config-if-range)#ip summary-address eigrp 15 172.17.0.0/22
Step2: Remove summary-metric from the eigrp router config mode on the BR1.
BR1(config)#router eigrp 15
BR1(config-router)#no summary-metric 172.17.0.0/22 100000 10 255 1 1500
Step3: Verify that the DR2 learnd about the network 172.17.0.0/22 via DR1.
DR2# show ip route eigrp
--Output partially displayed--
172.17.0.0/22 is subnetted, 1 subnets
D 172.17.0.0 [90/3328] via 10.0.5.1, 00:02:17, GigabitEthernet0/0
Step4: Verify eigrp topology table on the DR2 for 172.17.0.0/22 network. As you can see the second "via" line in the output indicates the presence of feasible successor and that mean if link between DR1 and DR2 goes down eigrp simply installs feasible successor route into the routing table without invoking the eigrp algorithm.
--Output partially displayed--
P 172.17.0.0/22, 1 successors, FD is 3328
via 10.0.5.1 (3328/3072), GigabitEthernet0/0
via 10.0.6.2 (4608/2816), GigabitEthernet0/3
Step5: The goal of this task is to demonstrate how to improve convergence with offset-list. In the case of this topology you want to set up DR2 in the way that it is not going to send query about lost route to 172.17.0.0/22 network when link between DR1 and DR2 goes down but since we have backup link to BR1 from DR2 it will always satisfy fesibility condition for 172.17.0.0/22 network since BR1's reported distance is less than Fesible distance of the successor route via DR1, that is why you need to on the BR1's g0/1 interface increase reported distince toward DR2 for 172.17.0.0/22 network, this will break feasibility condition rule. On the BR1 create standard named access-list with permit state for 172.17.0.0/22 network.
BR1(config)#ip access-list standard LOCAL_SUMMARY_ROUTE
BR1(config-std-nacl)#permit 172.17.0.0 0.0.3.255
Step6: Verify access-list.
BR1# show ip access-list
Standard IP access list LOCAL_SUMMARY_ROUTE
10 permit 172.17.0.0, wildcard bits 0.0.3.255
Step7: As you can see in the step4 that reported distance by BR1 to DR2 for 172.17.0.0/22 is 2816. Now by using offset-list on the BR1 you will increase reported distance and DR2 will no loger have feasible successor route for 172.17.0.0/22.
Configure offset-list with 600 added to the metric.
BR1(config)# router eigrp 15
BR1(config-router)# offset-list LOCAL_SUMMARY_ROUTE out 600 g0/1
Step8: Verigy offset-list.
BR1# show ip protocols
--Output partially displayed--
Routing Protocol is "eigrp 15"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Outgoing routes in GigabitEthernet0/1 will have 600 added to metric if on list LOCAL_SUMMARY_ROUTE
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
Redistributing: static
EIGRP-IPv4 Protocol for AS(15)
BR1# show ip access-list
Standard IP access list LOCAL_SUMMARY_ROUTE
10 permit 172.17.0.0, wildcard bits 0.0.3.255 (1 match)
Step9: Verify eigrp topology table on the DR2. It shows that DR2 does not have feasible successor route for 172.17.0.0/22, only one successor route via DR1 is present.
DR2# show ip eigrp topology
--Output partially displayed--
P 172.17.0.0/22, 1 successors, FD is 3328
via 10.0.5.1 (3328/3072), GigabitEthernet0/0
Step10: Display all posible non-successor routes. As you can see that reported distance of any non-successor routes is bigger that feasible distance of successor and in case of successor failure, eigrp has to recalculate metric.
DR2#show ip eigrp topology all-links
--Output partially displayed--
P 172.17.0.0/22, 1 successors, FD is 3328, serno 39
via 10.0.5.1 (3328/3072), GigabitEthernet0/0
via 10.0.2.13 (3584/3328), GigabitEthernet0/2
via 10.0.1.13 (3584/3328), GigabitEthernet0/1
via 10.0.6.2 (5208/3416), GigabitEthernet0/3
Step11: In GNS3 on the link between Core1 and DR2 start packets capture with wireshark. Apply eigrp filter.
Step12: Shutdown DR2's interface g0/0 facing DR1.
DR2(config)# interface g0/0
DR2(config-if)# shutdown
Step13: Observe the results in wireshark. Look for query packets. In the frame 218 you can see that DR2 is looking for 172.17.0.0/22 network.
Step14: Stop wireshark capturing and bring the DR2's g0/0 interface in the up state.
DR2(config)# interface g0/0
DR2(config-if)# no shutdown
Step15: Now by using offset-list on the DR2 increase feasible distance for 172.17.0.0/22. By doing so, non-successor routes will be changed to feasible successor routes because reported distance of non-successors will be less than feasible distance of successor.
DR2(config)#ip access-list standard BR1_SUMMARY_ROUTE
DR2(config-std-nacl)#permit 172.17.0.0 0.0.3.255
DR2(config-std-nacl)#exit
DR2(config)#router eigrp 15
DR2(config-router)#offset-list BR1_SUMMARY_ROUTE in 200 g0/0
Step16: Clear eigrp neighborship with DR1.
DR2# clear ip eigrp neighbors 10.0.5.1
Step17: Check the topology table again. As you can see that now entry for 172.17.0.0/22 netwrok has one successor and three feasible succesors.
DR2# show ip eigrp topology
--Output partially displayed--
P 172.17.0.0/22, 1 successors, FD is 3528
via 10.0.5.1 (3528/3272), GigabitEthernet0/0
via 10.0.1.13 (3584/3328), GigabitEthernet0/1
via 10.0.2.13 (3584/3328), GigabitEthernet0/2
via 10.0.6.2 (5208/3416), GigabitEthernet0/3
Step18: Let's test eigrp convergance by shutting down DR2's G0/0 interface and see results in the wireshark. Start capture packets first as you done in the step11 then shtutdown interface and observe the output of the traffic analyzer.
DR2(config)# interface g0/0
DR2(config-if)# shutdown
Step19: As you can see in the drop down menu of frame 17 that DR2 did not ask for 172.17.0.0/22 network, proving that you can use offset-list for improving convergance.
Step20: Stop capturing packets and bring the interface back in the up state.
Step21: Save configurations on the all affected routers.
Task9: Propagate EIGRP default route.
Step1: Create and verify default static route.
ER1(config)#ip route 0.0.0.0 0.0.0.0 192.168.10.1
ER1# show ip route static
--Output partially displayed--
Gateway of last resort is 192.168.10.1 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 192.168.10.1
Step2: Create summary static route for ER1's external networks pointing to the null0.
ER1(config)# ip route 192.168.96.0 255.255.252.0 null 0
Step3: Redistribute default static route into eigrp domain.
ER1(config)#router eigrp 15
ER1(config-router)#redistribute static metric 1000000 1 255 1 1500
Step4: Verify propagation of default route locally.
ER1# show ip eigrp topology 0.0.0.0/0
EIGRP-IPv4 Topology Entry for AS(15)/ID(0.0.4.11) for 0.0.0.0/0
State is Passive, Query origin flag is 1, 1 Successor(s), FD is 2816
Descriptor Blocks:
192.168.10.1, from Rstatic, Send flag is 0x0
Composite metric is (2816/0), route is External
Vector metric:
Minimum bandwidth is 1000000 Kbit
Total delay is 10 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 0
Originating router is 0.0.4.11
External data:
AS number of route is 0
External protocol is Static, external metric is 0
Administrator tag is 0 (0x00000000)
Exterior flag is set
Step5: Verify that default routes are in the routing table of the remote site routers.
BR1# show ip route eigrp
--Output partially displayed--
Gateway of last resort is 10.0.6.1 to network 0.0.0.0
D*EX 0.0.0.0/0 [170/5376] via 10.0.6.1, 00:05:06, GigabitEthernet0/1
[170/3840] via 10.0.5.5, 00:05:06, GigabitEthernet0/0
D EX 192.168.96.0/22 [170/5376] via 10.0.6.1, 00:00:17, GigabitEthernet0/1
[170/3840] via 10.0.5.5, 00:00:17, GigabitEthernet0/0
Step6: As you can see that default route is in the routing table of BR1 but so as the summary route of ER1's external networks. Sometimes you do not need to redistribute other static routes and that is why the next step is to propagate only the default route. Confige prefix list for default route.
ER1(config)# ip prefix-list DF_ROUTE permit 0.0.0.0/0
Step7: Create route-map and specify seed metric.
ER1(config)#route-map RDR_DF_ROUTE permit 10
ER1(config-route-map)#match ip address prefix-list DF_ROUTE
ER1(config-route-map)#set metric 500000 10 255 1 1500
Step8: Disable previous redistribution.
ER1(config)# router eigrp 15
ER1(config-router)# no redistribute static
Step9: Redistribute static route using route-map.
ER1(config-router)# redistribute static route-map RDR_DF_ROUTE
Step10: Verify propagation of default route locally.
ER1#show ip eigrp topology 0.0.0.0/0
EIGRP-IPv4 Topology Entry for AS(15)/ID(0.0.4.11) for 0.0.0.0/0
State is Passive, Query origin flag is 1, 1 Successor(s), FD is 7680
Descriptor Blocks:
192.168.10.1, from Rstatic, Send flag is 0x0
Composite metric is (7680/0), route is External
Vector metric:
Minimum bandwidth is 500000 Kbit
Total delay is 100 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 0
Originating router is 0.0.4.11
External data:
AS number of route is 0
External protocol is Static, external metric is 0
Administrator tag is 0 (0x00000000)
Exterior flag is set
Step11: On the BR1, there should be only default route redistributed, no ER1's external routes.
Step12: Cofigure default route propagation using route-map on the ER2.
Step13: Save configurations on the all affected routers.
Task10: EIGRP Route filter.
Step1: On the ER1 create prefix list named CONNECTED and redistribute connected networks into eigrp domain using route-map RDR_CONN.
ER1(config)# ip prefix-list CONNECTED permit 192.168.96.0/22 le 24
ER1(config)# route-map RDR_CONN
ER1(config-route-map)# match ip address prefix-list CONNECTED
ER1(config-route-map)# exit
ER1(config)# router eigrp 15
ER1(config-router)# redistribute connected route-map RDR_CONN
Step2: On the ER2 repeat step1 with its external subnets.
ER1(config)# ip prefix-list CONNECTED permit 192.168.100.0/22 le 24
ER1(config)# route-map RDR_CONN
ER1(config-route-map)# match ip address prefix-list CONNECTED
ER1(config-route-map)# exit
ER1(config)# router eigrp 15
ER1(config-router)# redistribute connected route-map RDR_CONN
Step3: Verify that ER1 and ER2's subnets have been redistributed.
BR1# show ip route eigrp
--Output partially displayed--
D EX 192.168.96.0/24 [170/133120] via 10.0.6.1, 00:05:10, GigabitEthernet0/1
[170/131584] via 10.0.5.5, 00:05:10, GigabitEthernet0/0
D EX 192.168.97.0/24 [170/133120] via 10.0.6.1, 00:05:10, GigabitEthernet0/1
[170/131584] via 10.0.5.5, 00:05:10, GigabitEthernet0/0
D EX 192.168.98.0/24 [170/133120] via 10.0.6.1, 00:05:10, GigabitEthernet0/1
[170/131584] via 10.0.5.5, 00:05:10, GigabitEthernet0/0
D EX 192.168.99.0/24 [170/133120] via 10.0.6.1, 00:05:10, GigabitEthernet0/1
[170/131584] via 10.0.5.5, 00:05:10, GigabitEthernet0/0
D EX 192.168.100.0/24 [170/133120] via 10.0.6.1, 00:00:11, GigabitEthernet0/1
[170/131584] via 10.0.5.5, 00:00:11, GigabitEthernet0/0
D EX 192.168.101.0/24 [170/133120] via 10.0.6.1, 00:00:11, GigabitEthernet0/1
[170/131584] via 10.0.5.5, 00:00:11, GigabitEthernet0/0
D EX 192.168.102.0/24 [170/133120] via 10.0.6.1, 00:00:11, GigabitEthernet0/1
[170/131584] via 10.0.5.5, 00:00:11, GigabitEthernet0/0
D EX 192.168.103.0/24 [170/133120] via 10.0.6.1, 00:00:11, GigabitEthernet0/1
[170/131584] via 10.0.5.5, 00:00:11, GigabitEthernet0/0
Step4: Prohib access to 192.168.96.0/24 subnet from BR1 and its subnets on the DR1 by using distibute-list with standard acl.
DR1(config)# ip access-list sta FILTER_ROUTES_TO_REMOTE_SITES
DR1(config-std-nacl)# deny 192.168.96.0 0.0.0.255
DR1(config-std-nacl)# permit any
DR1(config-std-nacl)# exit
DR1(config)# router eigrp 15
DR1(config-router)# distribute-list FILTER_ROUTES_TO_REMOTE_SITES out g0/3
Step5: Prohib access to 192.168.96.0/24 subnet from BR1 and its subnets on the DR2 by using distibute-list with prefix-list.
DR2(config)# ip prefix-list FILTER_ROUTES_TO_REMOTE_SITES deny 192.168.96.0/24
DR2(config)# ip prefix-list FILTER_ROUTES_TO_REMOTE_SITES permit 0.0.0.0/0 le 32
DR2(config)# router eigrp 15
DR2(config-router)# distribute-list prefix FILTER_ROUTES_TO_REMOTE_SITES out
Step6: Verify BR1's routing table to see if route filtering took place. As you can see 192.168.96.0/24 route is missing.
BR1# show ip route eigrp
--Output partially displayed--
D EX 192.168.97.0/24 [170/133120] via 10.0.6.1, 01:11:56, GigabitEthernet0/1
[170/131584] via 10.0.5.5, 01:11:56, GigabitEthernet0/0
D EX 192.168.98.0/24 [170/133120] via 10.0.6.1, 01:11:56, GigabitEthernet0/1
[170/131584] via 10.0.5.5, 01:11:56, GigabitEthernet0/0
D EX 192.168.99.0/24 [170/133120] via 10.0.6.1, 01:11:56, GigabitEthernet0/1
[170/131584] via 10.0.5.5, 01:11:56, GigabitEthernet0/0
D EX 192.168.100.0/24 [170/133120] via 10.0.6.1, 01:06:57, GigabitEthernet0/1
[170/131584] via 10.0.5.5, 01:06:57, GigabitEthernet0/0
D EX 192.168.101.0/24 [170/133120] via 10.0.6.1, 01:06:57, GigabitEthernet0/1
[170/131584] via 10.0.5.5, 01:06:57, GigabitEthernet0/0
D EX 192.168.102.0/24 [170/133120] via 10.0.6.1, 01:06:57, GigabitEthernet0/1
[170/131584] via 10.0.5.5, 01:06:57, GigabitEthernet0/0
D EX 192.168.103.0/24 [170/133120] via 10.0.6.1, 01:06:57, GigabitEthernet0/1
[170/131584] via 10.0.5.5, 01:06:57, GigabitEthernet0/0
Step7: To troubleshoot route filtering you can use commands bellow.
show ip protocol
show ip route eigrp
show ip access-list
show ip prefix-list detail
show run | section eigrp
Step8: Prohib access to 192.168.97.0/24 subnet from BR2 and its subnets on the DR1 and DR2 by using distibute-list with route-map.
DR1(config)#access-list 97 permit 192.168.97.0 0.0.0.255
DR1(config)#route-map FILTER_EXT_NETS deny 10
DR1(config-route-map)#match ip address 97
DR1(config-route-map)#exit
DR1(config)#route-map FILTER_EXT_NETS permit 20
DR1(config-route-map)#exit
DR1(config)#router eigrp 15
DR1(config-router)#distribute-list route-map FILTER_EXT_NETS out g0/4
DR2(config)#access-list 97 permit 192.168.97.0 0.0.0.255
DR2(config)#route-map FILTER_EXT_NETS deny 10
DR2(config-route-map)#match ip address 97
DR2(config-route-map)#exit
DR2(config)#route-map FILTER_EXT_NETS permit 20
DR2(config-route-map)#exit
DR2(config)#router eigrp 15
DR2(config-router)#distribute-list route-map FILTER_EXT_NETS out g0/4
Step9: Verify BR2's routing table to see if route filtering took place. As you can see 192.168.97.0/24 route is missing.
BR2# show ip route eigrp
--Output partially displayed--
D EX 192.168.96.0/24 [170/131584] via 10.0.6.5, 01:28:06, GigabitEthernet0/1
[170/131584] via 10.0.5.9, 01:28:06, GigabitEthernet0/0
D EX 192.168.98.0/24 [170/131584] via 10.0.6.5, 01:28:06, GigabitEthernet0/1
[170/131584] via 10.0.5.9, 01:28:06, GigabitEthernet0/0
D EX 192.168.99.0/24 [170/131584] via 10.0.6.5, 01:28:06, GigabitEthernet0/1
[170/131584] via 10.0.5.9, 01:28:06, GigabitEthernet0/0
D EX 192.168.100.0/24 [170/131584] via 10.0.6.5, 01:23:07, GigabitEthernet0/1
[170/131584] via 10.0.5.9, 01:23:07, GigabitEthernet0/0
D EX 192.168.101.0/24 [170/131584] via 10.0.6.5, 01:23:07, GigabitEthernet0/1
[170/131584] via 10.0.5.9, 01:23:07, GigabitEthernet0/0
D EX 192.168.102.0/24 [170/131584] via 10.0.6.5, 01:23:07, GigabitEthernet0/1
[170/131584] via 10.0.5.9, 01:23:07, GigabitEthernet0/0
D EX 192.168.103.0/24 [170/131584] via 10.0.6.5, 01:23:07, GigabitEthernet0/1
[170/131584] via 10.0.5.9, 01:23:07, GigabitEthernet0/0
Task11: BONUS. Summary route leak-map.
Step1: In some situations you will need to access more specific subnet via different path, for example in our case BR1 summarize all its subnets into summary route on the links towards wan aggrigation routers DR1 and DR2 but all incoming traffic come via link connected to DR1 due to bandwidth restrictions on the other link. If you look into DR2's routing table you can see that the only route it has for BR1's subnets is the summary route 172.17.0.0/22 via DR1 but you have requrement to access subnet 172.17.0.0/24 directly through BR1.
DR2# show ip route eigrp
--Output partially displayed--
172.17.0.0/22 is subnetted, 1 subnets
D 172.17.0.0 [
90/3528] via 10.0.5.1, 03:33:25, GigabitEthernet0/0
Step2: Create prefix-list and route-map on the BR1.
BR1(config)#ip prefix-list LEAK_SUBNET permit 172.17.0.0/24
BR1(config)#route-map FILTER_LEAK permit 10
BR1(config-route-map)#match ip address prefix-list LEAK_SUBNET
BR1(config-route-map)# exit
BR1(config)#route-map FILTER_LEAK deny 20
Step3: Configure summary route leak-map to advertise specific subnet of BR1 derictly to DR2 via g0/1 interface.
BR1(config)# interface g0/1
BR1(config-if)#ip summary-address eigrp 15 172.17.0.0/22 leak-map FILTER_LEAK
Step4: Verify that subnet 172.16.0.0/24 is present int DR2's routing table via BR1.
172.17.0.0/16 is variably subnetted, 2 subnets, 2 masks
D 172.17.0.0/22 [90/3528] via 10.0.5.1, 03:42:58, GigabitEthernet0/0
D 172.17.0.0/24 [90/5208] via 10.0.6.2, 00:01:56, GigabitEthernet0/3
Comments
Post a Comment